Date:         Sat, 31 Jul 2010 23:29:07 -0500
Reply-To:     Connie Sieh 
Sender:       Security Errata for Scientific Linux
              
From:         Connie Sieh 
Subject:      Security ERRATA Moderate: lvm2-cluster,lvm2 for SL5
Comments: To: scientific 

Issue date:        2010-07-28
CVE Names:         CVE-2010-2526
Description:

It was discovered that the cluster logical volume manager daemon (clvmd)
did not verify the credentials of clients connecting to its control UNIX
abstract socket, allowing local, unprivileged users to send control
commands that were intended to only be available to the privileged root
user. This could allow a local, unprivileged user to cause clvmd to exit,
or request clvmd to activate, deactivate, or reload any logical volume on
the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than
an abstract socket. As such, the lvm2 update 2010:0569, which changes
LVM to also use this pathname-based socket, must also be installed for LVM
to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which
contains a backported patch to correct this issue. After installing the
updated package, clvmd must be restarted for the update to take effect.

5. Bugs fixed

  CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and clvmd

6. Package List:

SRPM:
   lvm2-cluster-2.02.56-7.el5_5.4.src.rpm

i386:
   lvm2-cluster-2.02.56-7.el5_5.4.i386.rpm

x86_64:
   lvm2-cluster-2.02.56-7.el5_5.4.x86_64.rpm


lvm2 update included because of dependency.

i386:
   lvm2-2.02.56-8.el5_5.6.i386.rpm
x86_64:
   lvm2-2.02.56-8.el5_5.6.x86_64.rpm

-Connie Sieh
-Troy Dawson
lastline

SciLinux: CVE-2010-2526 Moderate: lvm2-cluster,lvm2 SL5

Important: freetype security update

Summary

Date:         Sat, 31 Jul 2010 23:29:07 -0500 Reply-To:     Connie Sieh  Sender:       Security Errata for Scientific Linux                From:         Connie Sieh  Subject:      Security ERRATA Moderate: lvm2-cluster,lvm2 for SL5 Comments: To: scientific Issue date:        2010-07-28 CVE Names:         CVE-2010-2526 Description:It was discovered that the cluster logical volume manager daemon (clvmd) did not verify the credentials of clients connecting to its control UNIX abstract socket, allowing local, unprivileged users to send control commands that were intended to only be available to the privileged root user. This could allow a local, unprivileged user to cause clvmd to exit, or request clvmd to activate, deactivate, or reload any logical volume on the local system or another system in the cluster. (CVE-2010-2526)Note: This update changes clvmd to use a pathname-based socket rather than an abstract socket. As such, the lvm2 update 2010:0569, which changes LVM to also use this pathname-based socket, must also be installed for LVM to be able to communicate with the updated clvmd.All lvm2-cluster users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the updated package, clvmd must be restarted for the update to take effect.5. Bugs fixed  CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and clvmd6. Package List:SRPM:    lvm2-cluster-2.02.56-7.el5_5.4.src.rpmi386:    lvm2-cluster-2.02.56-7.el5_5.4.i386.rpmx86_64:    lvm2-cluster-2.02.56-7.el5_5.4.x86_64.rpmlvm2 update included because of dependency.i386:    lvm2-2.02.56-8.el5_5.6.i386.rpm x86_64:    lvm2-2.02.56-8.el5_5.6.x86_64.rpm-Connie Sieh -Troy Dawson lastline



Security Fixes

Severity

Related News

25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved